Apparatus, system, and method for network authentication and content distribution

ABSTRACT

An apparatus, system, and method are disclosed for network authentication and content distribution. The apparatus includes an authentication module configured to receive redirected network requests over a communications network from a firewall module and configured to present a user license agreement and not require user-identifiable information, and a content distribution module configured to synchronize over the communications network with a client module and transmit content to the client module. The system includes a firewall module connected with a global communications network, a network connected with the firewall module, a computing device configured to couple with the network, and the apparatus. The method includes receiving redirected network requests over a communications network from a firewall module, presenting a user license agreement and not requiring user-identifiable information, and synchronizing over the communications network with a client module and transmitting content to the client module.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.11/334,969 filed on Jan. 19, 2006 for James M. Davison and ChristopherM. Sansone and entitled “Apparatus, System, and Method for NetworkAuthentication and Content Distribution.” Applicants claim priority toU.S. application Ser. No. 11/334,969, which is incorporated by referenceherein in its entirety.

BACKGROUND

1. Field

This invention relates to providing access to a communications networkand more particularly relates to controlling content distribution andnetwork authentication.

2. Description of the Related Art

The global network known as the Internet has grown from a tool used byscientists, researchers, and technology experts to a near necessity formany people throughout the world. The Internet has become a means ofcommunication for people across the globe as well as an entertainmentmedia delivery system. Internet users can access millions of differentweb sites using their computer and a connection to the Internet. Thesemillions of different websites host files containing text, audio, videoand graphics.

Currently, the internet user can access the Internet using a variety ofdifferent connections. Initially the majority of the populationconnected to the Internet using a “dial-up” connection. The dial-upconnection is typically limited to 56 Kbytes/second. In the early yearsof the Internet, the dial-up connection was sufficient for most users.However, as websites hosted increasingly larger files the demand forbandwidth likewise increased. Examples of large files may include newsbroadcasts, movies, video-based advertising, etc. In other words, anycontent other than text began to increase the demand for a connectionfaster than 56 Kbytes/second.

The next generation of network connections is broadly referred to as a“broadband internet” connection. The term “broadband” loosely refers tonetworks having bandwidths significantly greater than that found intelephony or dial-up networks. Broadband can refer to DSL, cable,wireless, fixed wireless, satellite, fiber, and power-line networkconnections. Broadband connections have enabled a wide range ofapplications that were not possible before such as internet phones(VoIP), streaming videos, internet television, internet radio, etc.

Recently a broadband connection is not limited to a physical connectionsuch a phone line or coaxial cable. Wireless technology has enabledusers with portable devices, such as laptop computers and cellularphones, to access the internet from anywhere in range of a wirelessaccess point or cell phone tower. Many Internet users carry internetenabled laptops, personal digital assistants, and other electronicdevices and are able to access the Internet at any desired location tobrowse the Internet and read emails. To attract and accommodatecustomers with these devices, many commercial establishments such asrestaurants, coffee shops, and book stores provide Internet access.

Like traditional dial-up or broadband connections, commercialestablishments frequently implement a version of a subscription basedsystem to offer Internet access, requiring a username and password. Forexample, a purchase at the store may be required for access to theInternet for a limited amount of time. Alternatively, Internet accessmay be provided by the commercial establishment for free.

Currently, some Internet service providers provide Internet access usingadvertising based access policies. Access to the Internet is providedfree to users in exchange for the users viewing advertisements providedto the ISP by content providers. Internet advertising typically consistsof images that take up part of the users screen. These images arecommonly referred to as “banners.” Typical advertising for accesspolicies continuously download banner ads that cycle across the usersscreen. The content providers pay the ISP for the advertising dependingon a variety of factors. Generally, advertisers pay the ISP depending onthe number of “click-throughs.” The term “click-through” refers to thenumber of users who click on the advertisement.

However, this advertising based Internet access policy has not proven tobe effective at commercial establishments due to customers' privacyconcerns and not wanting to provide personal or financial information.Additionally, many Internet users have come to expect that Internetaccess be anonymous and provided for free. Furthermore, ensuring thatfinancial details and transactions are secure increases the costs ofmaintaining the network. However, providing free Internet access doesnothing to help support the network, and access control and liabilitymay be an issue.

From the foregoing discussion, it should be apparent that a need existsfor an apparatus, system, and method for network access and contentdistribution. Beneficially, such an apparatus, system, and method wouldprovide anonymous network access to users while also distributingcontent and authenticating users.

SUMMARY

The present invention has been developed in response to the presentstate of the art, and in particular, in response to the problems andneeds in the art that have not yet been fully solved by currentlyavailable computing environments. Accordingly, the present invention hasbeen developed to provide an apparatus, system, and method for networkauthentication and content distribution that overcome many or all of theabove-discussed shortcomings in the art.

The apparatus is provided with a plurality of modules configured tofunctionally execute the necessary steps of network authentication andcontent distribution. These modules in the described embodiments includean authentication module configured to receive redirected networkrequests over a communications network from a firewall module, with theauthentication module configured to present a user license agreement andnot require user-identifiable information, and a content distributionmodule configured to synchronize over the communications network with aclient module and transmit content to the client module.

In one embodiment, the content distribution module redirects networkrequests to the firewall module upon losing sync with the client module.The authentication module may be configured to allow network requestsupon acceptance of the user license agreement and deny network requestsupon non-acceptance of the user license agreement.

In a further embodiment, the communications network includes a wirelessaccess point configured to wirelessly couple with a computing device.The computing device may include a browser configured to access aplurality of network resources. Additionally, the client module isconfigured to operate within the browser. The authentication module maybe configured to terminate network access upon the closing of a browserwindow having the client module.

A system of the present invention is also presented for networkauthentication and content distribution. In particular, the system, inone embodiment, includes a firewall module connected with a globalcommunications network, and a communications network connected with thefirewall module. The communications network may also include a wirelessaccess point. The system, in one embodiment, includes a computing deviceconfigured to couple with the network, an authentication moduleconfigured to receive redirected network requests over a communicationsnetwork from the firewall module, the authentication module configuredto present a user license agreement without requiring user-identifiableinformation, a content distribution module configured to synchronizeover the communications network with a client module and transmitcontent to the client module, and the client module configured tooperate within the computing device. The system may also include theapparatus as described above.

A method of the present invention is also presented. The method in thedisclosed embodiments substantially includes the steps necessary tocarry out the functions presented above with respect to the operation ofthe described apparatus and system. In one embodiment, the methodincludes receiving redirected network requests over a communicationsnetwork from a firewall module, presenting a user license agreement andnot requiring user-identifiable information, and synchronizing over thecommunications network with a client module and transmitting content tothe client module.

In one embodiment, the method also includes operations to redirectnetwork requests to the firewall module upon losing sync with the clientmodule, and to allow network requests upon acceptance of the userlicense agreement and deny network requests upon non-acceptance of theuser license agreement.

In a further embodiment, the method includes operations to wirelesslycouple with a computing device, access a plurality of network resources,and terminate network access upon the closing of a browser window havingthe client module.

Reference throughout this specification to features, advantages, orsimilar language does not imply that all of the features and advantagesthat may be realized with the present invention should be or are in anysingle embodiment of the invention. Rather, language referring to thefeatures and advantages is understood to mean that a specific feature,advantage, or characteristic described in connection with an embodimentis included in at least one embodiment of the present invention. Thus,discussion of the features and advantages, and similar language,throughout this specification may, but do not necessarily, refer to thesame embodiment.

Furthermore, the described features, advantages, and characteristics ofthe invention may be combined in any suitable manner in one or moreembodiments. One skilled in the relevant art will recognize that theinvention may be practiced without one or more of the specific featuresor advantages of a particular embodiment. In other instances, additionalfeatures and advantages may be recognized in certain embodiments thatmay not be present in all embodiments of the invention.

These features and advantages of the present invention will become morefully apparent from the following description and appended claims, ormay be learned by the practice of the invention as set forthhereinafter.

BRIEF DESCRIPTION OF THE DRAWINGS

In order that the advantages of the invention will be readilyunderstood, a more particular description of the invention brieflydescribed above will be rendered by reference to specific embodimentsthat are illustrated in the appended drawings. Understanding that thesedrawings depict only typical embodiments of the invention and are nottherefore to be considered to be limiting of its scope, the inventionwill be described and explained with additional specificity and detailthrough the use of the accompanying drawings, in which:

FIG. 1 is a schematic block diagram illustrating one embodiment of acomputing environment in accordance with the present invention;

FIG. 2 is a schematic block diagram illustrating one embodiment of thecomputing environment in accordance with the present invention;

FIG. 3 is a schematic block diagram illustrating an alternativeembodiment of a computing environment in accordance with the presentinvention;

FIG. 4 is a schematic block diagram illustrating another embodiment of acomputing environment in accordance with the present invention;

FIG. 5 is a schematic flow chart diagram illustrating one embodiment ofa method for network authentication and content distribution inaccordance with the present invention; and

FIG. 6 is a schematic flow chart diagram illustrating an alternativemethod for network authentication and content distribution in accordancewith the present invention.

DETAILED DESCRIPTION

Many of the functional units described in this specification have beenlabeled as modules, in order to more particularly emphasize theirimplementation independence. For example, a module may be implemented asa hardware circuit comprising custom VLSI circuits or gate arrays,off-the-shelf semiconductors such as logic chips, transistors, or otherdiscrete components. A module may also be implemented in programmablehardware devices such as field programmable gate arrays, programmablearray logic, programmable logic devices or the like.

Modules may also be implemented in software for execution by varioustypes of processors. An identified module of executable code may, forinstance, comprise one or more physical or logical blocks of computerinstructions which may, for instance, be organized as an object,procedure, or function. Nevertheless, the executables of an identifiedmodule need not be physically located together, but may comprisedisparate instructions stored in different locations which, when joinedlogically together, comprise the module and achieve the stated purposefor the module.

Indeed, a module of executable code may be a single instruction, or manyinstructions, and may even be distributed over several different codesegments, among different programs, and across several memory devices.Similarly, operational data may be identified and illustrated hereinwithin modules, and may be embodied in any suitable form and organizedwithin any suitable type of data structure. The operational data may becollected as a single data set, or may be distributed over differentlocations including over different storage devices, and may exist, atleast partially, merely as electronic signals on a system or network.

Reference throughout this specification to “one embodiment,” “anembodiment,” or similar language means that a particular feature,structure, or characteristic described in connection with the embodimentis included in at least one embodiment of the present invention. Thus,appearances of the phrases “in one embodiment,” “in an embodiment,” andsimilar language throughout this specification may, but do notnecessarily, all refer to the same embodiment.

Reference to a signal bearing medium may take any form capable ofgenerating a signal, causing a signal to be generated, or causingexecution of a program of machine-readable instructions on a digitalprocessing apparatus. A signal bearing medium may be embodied by atransmission line, a compact disk, digital-video disk, a magnetic tape,a Bernoulli drive, a magnetic disk, a punch card, flash memory,integrated circuits, or other digital processing apparatus memorydevice.

Furthermore, the described features, structures, or characteristics ofthe invention may be combined in any suitable manner in one or moreembodiments. In the following description, numerous specific details areprovided, such as examples of programming, software modules, userselections, network transactions, database queries, database structures,hardware modules, hardware circuits, hardware chips, etc., to provide athorough understanding of embodiments of the invention. One skilled inthe relevant art will recognize, however, that the invention may bepracticed without one or more of the specific details, or with othermethods, components, materials, and so forth. In other instances,well-known structures, materials, or operations are not shown ordescribed in detail to avoid obscuring aspects of the invention.

FIG. 1 is a schematic block diagram illustrating one embodiment of acomputing environment 100 in accordance with the present invention. Inone embodiment, the computing environment 100 includes a globalcommunications network such as the Internet 102. Coupled to the Internet102 is a firewall module 104 by way of an internet connection 106. Theinternet connection 106 may, in one embodiment, be a cable connection, aDSL connection, a T1 connection, a wireless or fixed wirelessconnection, or any of the Internet Service Provider (ISP) connectionsoffered to end users.

The computing environment 100 may also include a network 108 coupledwith the firewall module 104. The network 108 may comprise a Local AreaNetwork (LAN) connecting a plurality of computing devices. The network108 may be configured as the LAN, or alternatively, a group of LANsconnected by the Internet 102, also referred to as a wide area network.In a further embodiment, the network 108 may comprise a wireless localarea network (WLAN). Many of the functional units of the network 108,such as routers, switches, hubs, etc., have been omitted for clarity.

The network 108 may include a plurality of devices such as a wirelessaccess point 110, a computing device 112, and a server 114. The wirelessaccess point 110, in one embodiment, is a device that connects one ormore wireless-enabled computing devices 112 together to create awireless network 116. Generally, the wireless access point 110 isconnected to a wired network, such as the network 108, and can relaydata between computing devices on each side. Furthermore, multiplewireless access points 110 may be connected together to form what isreferred to as a “mesh network” that enables a computing device 112 toremain connected while “roaming.”

In one embodiment, the computing device 112 is a portable or laptopcomputer. However, examples of computing devices 112 suitable for use inthe present invention include, but are not limited to, cellular phones,personal digital assistants, tablet computers, desktop computers, orother internet-enabled devices. The server 114 may be configured toauthenticate users and distribute content. The server 114 will bediscussed in greater detail below with reference to FIG. 2.

FIG. 2 is a schematic block diagram illustrating one embodiment of thecomputing environment 100 in accordance with the present invention. Inone embodiment, the server 114 comprises a content distribution module202 and an authentication module 204. The content distribution module202 may be configured to communicate or synchronize with a client module206 operating on the computing device 112 over the network 108.Furthermore, the content distribution module 202 is configured todistribute content such as text, images, audio, and/or video to theclient module 206.

In one embodiment, the content may comprise various forms of internetadvertising. Internet advertising may consist of images that take up aportion of a screen of the computing device 112. Examples of internetadvertising suitable for use with the present invention include, but arenot limited to, banner ads, pop-up ads, pop-under ads, ads embedded in aweb page, etc. The client module 206 is configured to receive contentfrom the content distribution module 202 and present the content to theuser visually or audibly. Furthermore, the client module 206 may beconfigured to continuously cycle through advertisements distributed bythe content distribution module 202.

In one embodiment, the content distribution module 202 “pushes” thecontent to the client module 206. Alternatively, the client module 202may download the content in a manner similar to how a browser views aweb page.

The firewall module 104 is configured to receive content requests fromthe computing device 112. In one embodiment, a computing device 112 thathas not associated with the network 108 previously is redirected by thefirewall module 104 to the authentication module 204. The authenticationmodule 204 may be configured to present a user license agreement (notshown). A user license agreement suitable for use with the presentinvention may prompt the user to accept the presence of the clientmodule 206 operating on the user's computing device 112. Such animplementation allows the computing environment to provideauthentication without requiring user-identifiable information, such asusernames and passwords. Many people are wary of submitting personalinformation over a public wireless network, and therefore avoidcomputing environments that require user-identifiable information. Thepresent invention allows a network to generate income throughadvertisements without requiring user-identifiable information.

The authentication module 204 is further configured to terminate theconnection between the network 108 and the computing device 112 if theuser does not agree to the user license agreement. In a furtherembodiment, the authentication module 204 is configured to create aninstance of the client module 206 in the computing device 112 uponacceptance of the user license agreement by the user.

The client module 206 may comprise a web-based applet running within abrowser of the computing device 112. For example, the client module 206may comprise a Java™ applet. Alternatively, examples of the clientmodule 206 may include, but are not limited to, Macromedia Flash™. Thecontent distribution module 202 and the client module 206 are configuredto synchronize over the network 108. The content distribution module 202requires that the client module 206 maintain communication with contentdistribution module 202 so that the status of the computing device 112is known by the server 114.

The content distribution module 202 module, in one embodiment, isfurther configured to track how the user responds to the advertisements.In a further embodiment, the content distribution module 202 tracks the“click-through” rate of each individual advertisement presented to theuser. Internet advertisement tracking is well known to those skilled inthe art and will not be given further discussion herein.

FIG. 3 is a schematic block diagram illustrating an alternativeembodiment of a computing environment 300 in accordance with the presentinvention. In one embodiment, the content distribution module 202 andthe authentication module 204 are consolidated into the firewall module104. The firewall module 104 may be implemented as a custom firmwaredeveloped to operate on a router having a built-in firewall.Furthermore, the content distribution module 202 and the authenticationmodule 204 may be incorporated into the firmware of the firewall module104.

As described above with reference to FIG. 2, the firewall module 104 isconfigured to receive Internet requests from the computing devices 112over the network 108. In a further embodiment, the firewall module 104may be incorporated into an “all-in-one” Internet appliance havingrouter, wireless, and firewall capabilities. Therefore, the firewallmodule 104 may be configured to receive Internet requests wirelesslyfrom the computing devices 112.

FIG. 4 is a schematic block diagram illustrating another embodiment of acomputing environment 400 in accordance with the present invention. Inone embodiment, the content distribution module 202 may be locatedoutside the firewall module 104 and be accessible through the Internet102. A configuration such as this allows the content distribution to behandled by a firm such as Google™, or DoubleClick™.

In a further embodiment, the firewall module 104 is configured tointercept Internet 102 requests by the computing device 112 and forwardthe Internet request to the authentication module 204. After the userlicense agreement is accepted and the client module 206 is running onthe client device 112, the firewall module 104 allows access to theInternet 102. The client module 206 subsequently synchronizes over theInternet 102 with the content distribution module 202. In such a manner,global content may be presented by the content distribution module 202.In one embodiment, global content may comprise advertisements from largenational organizations.

In an alternative embodiment, such as is described above with referenceto FIGS. 2 and 3, the content distribution module 202 may be configuredto present localized content. For instance, the content distributionmodule 202 may present content related to the locale of the computingenvironment. One example might include a coffee shop having a wirelessnetwork. After a user has associated with the network 108 and the clientmodule 206 is operating on the computing device 112, the contentdistribution module 202 may present a coupon for coffee to the user.

A further example might include a computing environment 200 establishedat a sports complex such as a professional baseball field. In such anenvironment, advertisements directed toward local places of businesssuch as local restaurants and bars may be presented to visitors. Onebenefit of the present invention, in this example, would be the abilityto present a coupon to the visitors of the game upon a certain amount ofhome runs being hit.

The schematic flow chart diagrams that follow are generally set forth aslogical flow chart diagrams. As such, the depicted order and labeledsteps are indicative of one embodiment of the presented method. Othersteps and methods may be conceived that are equivalent in function,logic, or effect to one or more steps, or portions thereof, of theillustrated method. Additionally, the format and symbols employed areprovided to explain the logical steps of the method and are understoodnot to limit the scope of the method. Although various arrow types andline types may be employed in the flow chart diagrams, they areunderstood not to limit the scope of the corresponding method. Indeed,some arrows or other connectors may be used to indicate only the logicalflow of the method. For instance, an arrow may indicate a waiting ormonitoring period of unspecified duration between enumerated steps ofthe depicted method. Additionally, the order in which a particularmethod occurs may or may not strictly adhere to the order of thecorresponding steps shown.

FIG. 5 is a schematic flow chart diagram illustrating one embodiment ofa method 500 for network authentication and content distribution inaccordance with the present invention. In one embodiment, the method 500starts 502 and a user connects 504 a computing device 112 with thenetwork 108. Connecting 504 a computing device 112 with the network 108may comprise wirelessly associating with the network, or physicallyplugging into the network. Steps such as requesting an IP address from aDHCP server have been left out for clarity because such steps areobvious to those skilled in the art of network design.

Once the computing device 112 is associated with the network, a usertypically requests content from the Internet 102. Examples of typicalInternet 102 requests include, but are not limited to, browsing webpages, checking email, connecting to a work place network using VPN,file transfers, and the like. The firewall module 104 is configured toredirect 506 the first Internet 102 request of a new computing device112 to the authentication module in order for the user license agreementto be presented. The user is then able to accept or reject the userlicense agreement.

Once the user license agreement is accepted, the authentication module204 initiates the client module 206, and the client module 206synchronizes 508 with the content distribution module 202. Theconnection may be terminated 510 by either the user or theauthentication module 204, at which point the method 500 ends 512.

FIG. 6 is a schematic flow chart diagram illustrating an alternativemethod 600 for network authentication and content distribution inaccordance with the present invention. In one embodiment, the method 600starts 602 and a computing device 112 connects 604 to the network 108.Connecting 604 with the network, as described above, may comprisewirelessly associating with or physically plugging into the network. Thefirewall module 104 then detects the presence of the computing device112 and redirects 606 the computing device to the authentication module204 to be presented with the user license agreement. In one embodiment,the firewall module 104 may utilize a DHCP request from the computingdevice 112 as evidence the computing device has not previouslyassociated with the network. Additionally, the firewall module 104 andthe authentication module 204 may maintain communication in order togrant or deny access to computing devices 112.

In one embodiment, if the user rejects 608 the user license agreementthe firewall module 104 denies access to the Internet 102. In a furtherembodiment, the firewall module terminates 610 the connection betweenthe computing device 112 and the network 108. Alternatively, if the useraccepts 608 the user license agreement, the authentication module 204installs the client module 206 on the computing device 112. In oneembodiment, the client module 206 is an applet operating within abrowser program on the computing device 112.

The client module 206 then connects 614 with the content distributionmodule 202 in order to begin synchronization. In one embodiment, thecontent distribution module 202 and the client module 206 are located onthe same network 108. Alternatively, the content distribution module 202may be located outside or on the other side of the firewall, andaccessible through the Internet 102. The content distribution module 202then monitors 616 the connection status of the client module 206.

In a further embodiment, if the client module 206 is not connecting 618to the content distribution module 202, the content distribution module202 terminates 620 the connection. For example, if the user has closedthe browser window having the client module 206, the contentdistribution module 202 informs the firewall module 104 and the firewallmodule 104 terminates 620 the connection as described above and themethod 600 ends 624.

Alternatively, if the client module 206 is connecting 618 with thecontent distribution module 202, and the content distribution module islikewise able to connect 622 with the client module, then thissynchronization loop continues until the client module 206 is terminatedor closed, at which point the connection is also terminated 620 by thefirewall module 104. If the client distribution module 202 is unable toconnect 622 with the client module 206, the client module 206 isredirected again to the firewall module 104. This restricts users of thenetwork and the client distribution module 202 to the license terms ofthe session thereby limiting users to conforming to the licenseagreement requirements. If users attempt to violate the licenseagreement by terminating the client module 206, the content distributionmodule 202 and firewall module 104 are configured to detect this andenforce the agreement, thus terminating the connection to the computingdevice 112.

The present invention may be embodied in other specific forms withoutdeparting from its spirit or essential characteristics. The describedembodiments are to be considered in all respects only as illustrativeand not restrictive. The scope of the invention is, therefore, indicatedby the appended claims rather than by the foregoing description. Allchanges which come within the meaning and range of equivalency of theclaims are to be embraced within their scope.

1. An apparatus for controlling Internet access, the apparatuscomprising: a firewall module situated between a computing device andthe Internet, the firewall module configured to: intercept a requestfrom the computing device to access the Internet; require a clientmodule to be installed on the computing device to access the Internet;cause one or more advertisements to be displayed to the user by theclient module during an Internet session conducted through the firewallmodule; and terminate the Internet session in response to the clientmodule being terminated such that the one or more advertisements are notpresented to the user.
 2. The apparatus of claim 1, further comprising acontent distribution module configured to send the one or moreadvertisements to be displayed to the user, wherein the contentdistribution module is further configured to sync with the clientmodule.
 3. The apparatus of claim 2, wherein the firewall module isfurther configured to terminate the Internet session in response to thecontent distribution module losing sync with the client module.
 4. Theapparatus of claim 1, wherein the firewall module is further configuredto initiate the Internet session upon acceptance of a user licenseagreement causing installation of the client module, and to denyinitiation of the Internet session upon non-acceptance of the userlicense agreement.
 5. The apparatus of claim 1, wherein the firewallmodule communicatively couples with the computing device using awireless network.
 6. The apparatus of claim 1, wherein the computingdevice comprises a browser configured to access the Internet.
 7. Theapparatus of claim 6, wherein the client module is configured to operatewithin the browser.
 8. A system comprising: a firewall module connectinga computing device and the Internet; an authentication module configuredto: intercept a request from the computing device to access theInternet; require a client module to be installed on the computingdevice to access the Internet; a content distribution module configuredto transmit one or more advertisements to the client module; the clientmodule configured to display one or more advertisements to the user ofthe computing device during an Internet session conducted through thefirewall module; and the authentication module further configured toterminate the Internet session in response to the client module beingterminated such that the one or more advertisements are no longerpresented to the user.
 9. The system of claim 8, wherein the contentdistribution module is further configured to terminate the Internet uponlosing sync with the client module.
 10. The system of claim 8, whereinthe authentication module is further configured to present a userlicense agreement on the computing device in connection with requiringthe client module to be installed on the computing device, wherein theauthentication module is configured to allow Internet access uponacceptance of the user license agreement and to deny Internet accessupon non-acceptance of the user license agreement.
 11. The system ofclaim 8, wherein the computing device communicates with the firewallmodule, the authentication module, and the content distribution moduleover a wireless network connection.
 12. The system of claim 11, whereinthe computing device comprises a browser configured to access theInternet.
 13. The system of claim 12, wherein the client module isconfigured to operate within the browser.
 14. The system of claim 13,wherein the authentication module is configured to terminate Internetaccess upon the termination of the client module.
 15. A computer programproduct stored on a computer-readable storage medium comprisinginstructions for: intercepting a request from a computing device toaccess the Internet; requiring a client module to be installed on thecomputing device to access the Internet; sending one or moreadvertisements to the client module during the Internet session, whereinthe client module displays the one or more advertisements to the userduring the Internet session conducted on the computing device; andterminating the Internet session in response to the client module beingterminated on the computing device such that the client module no longerdisplays the one or more advertisements to the user.
 16. The computerprogram product of claim 15, further comprising instructions for anoperation to synchronize a content distribution module with the clientmodule.
 17. The computer program product of claim 16, further comprisinginstructions for terminating the Internet session in response to thecontent distribution module losing sync with the client module.
 18. Thecomputer program product of claim 15, further comprising instructionsfor initiating the Internet session upon acceptance of a user licenseagreement causing installation of the client module, and denyinginitiation of the Internet session upon non-acceptance of the userlicense agreement.
 19. The computer program product of claim 15, whereinthe client module is terminated in response to one of a user terminatingthe client module and an error in the computing device terminating theclient module.
 20. The computer program product of claim 16, wherein theclient module is implemented in a browser on the computing device.